Make your own free website on Tripod.com
 
                        *** PRIVACY ON THE INTERNET *** 

   * Communications privacy 
   * e-gold 
   * DigiCash  ecash 
   * CyberCash 
   * Links - the URLs mentioned can be found here in HTML format 

   * Communications privacy 
   There are two elements to communications privacy: The identity of the 
participants and the content of the messages transmitted among them. 

   It is possible to preserve the content of your messages with absolute 
security. You simply encrypt them. There are two good ways to do this: by 
using the one-time-pad encipherment scheme, or by using the Pretty Good 
Privacy program. 
   Prior to PGP, cryptographic keys had to be distributed over secure 
channels so that both parties could send encrypted traffic over insecure 
channels. Governments solved that problem by dispatching key couriers with 
satchels handcuffed to their wrists. Governments could afford to send guys 
like these to their embassies overseas. But the great masses of ordinary 
people would never have access to practical cryptography if keys had to be 
distributed this way. No matter how cheap and powerful personal computers 
might someday become, you just can't send the keys electronically without 
the risk of interception. 
   The breakthrough came with the mathematics of public key cryptography. 
This allows people to communicate securely and conveniently with no prior 
exchange of keys. No more special key couriers with black bags. This, 
coupled with the technology of the information age, means the great masses 
of people can at last use cryptography. 

   I have created a program, CIPHER.EXE (it runs under MS-DOS), which is a 
simple implementation of the one-time-pad process. This program is (so far) 
perfectly legal and you can download the ZIP file here:
   CIPHER.ZIP 35Kbytes 

   The Pretty Good Privacy program was invented by Philip Zimmermann in June 
1991. How secure is it? In 1997 these three attacks were made: 
    250 computers cooperated to break a 40-bit key in 4 hours. 
    3500 computers broke a 48-bit key in 13 days. 
    Several thousand computers linked on the Internet broke a 56-bit key in 
140 days. 
   As you can see, the difficulty increases exponentially, not linearly, 
with increasing key length. 
   As of February, 1998 the legally-exportable (from the United States) key 
size is 56 bits. Keys larger than that size are considered by the American 
Government to be dangerous weapons, even though the citizens of many other 
countries are using them. The latest version of PGP (using a key-length of 
1024 bits) is available from Norway at:    www.pgpi.com/download 
   It may or may not be legal for American citizens to use this program. 
   There is a trade-off between PGP and CIPHER: 
   PGP is much more convenient to use than CIPHER. The one-time-pad process 
requires each message to have a unique key, which must be at least as long 
as the message, and these keys must be in the possession of all 
participants. This key-handling can be a hassle, as I explained above. 
   As you saw above, PGP encipherments can be broken. (I will leave it to 
you as an exercise to calculate how many centuries it would take to break a 
1024-bit key.) The one-time-pad process is absolutely unbreakable. 

   For the vast majority of Internet users there is no such thing as true 
anonymity. Every privacy and financial service I examined is quite clear in 
its assertions that "We will release account information if we are served a 
subpoena by law enforcement officials." The e-gold service is really 
emphatic about this (see below). The only thing people WON'T tell about you 
is what they CAN'T tell about you. And the only thing they can't tell is 
what they don't know. I hope somebody will tell me that I am wrong, and that 
there IS a good way to ensure anonymity. 
   Everything you send to or receive from the Internet is transmitted, via a 
telephone cable, through your Internet Service Provider. That phone cable is 
a finger that points directly at you, and the government has unlimited 
access to it through its control over the phone company. Thus whatever 
information your ISP has about you is available to the government. Unless 
you can bypass this scheme, you have no true anonymity. (But don't feel bad, 
you CAN bypass it. I will explain below.) 
   You can obtain partial anonymity by using proxy servers. A proxy server 
is a middleman between your ISP and the websites you visit. 
   To use a proxy server for e-mail, you send your message to the proxy 
server, where all the identifying data is stripped off your message and the 
proxy server's data is installed in its place. The message is then sent on 
to its destination. The recipient sends his reply to the proxy server, which 
routes the message on to you. The recipient has no way of knowing at what 
address the message originated, but the proxy server DOES know this. 
   The same procedure is used to enable you to access a webpage anonymously. 
You query the proxy server, which strips off all references to your identity 
before forwarding your request to the website. The website knows only that 
the proxy server came to get the page. 

   Of course, none of these proxy schemes provides any security between your 
computer and your ISP or between your ISP and the proxy server. They are 
rather like having auto insurance that does not go into effect until you are 
at least 100 miles from your home. 


   * e-gold 
   www.e-gold.com 
   E-gold is a monetary transfer system, operated by Gold & Silver Reserve, 
Inc. which enables the use of precious metals as money. Transfer orders are 
expressed in amounts of gold, silver, and other metals. 
   The recipient of each e-metal payment is assessed a 1% fee, in metal. 
   You must provide them with your Name, Social Security#, Postal address, 
e-mail address, Phone#, and your Mother's maiden name. 
   Its policy on privacy is: 
   "G&SR complies with US legislation and regulations which require 
virtually every monetary transaction to have a paper trail which must be 
made accessible to government officials acting in accordance with law. All 
transactions within the e-gold system generate a permanent record so it is 
possible to trace the entire lineage of any metal back to the point where 
value entered the system. If you send us a payment which requires the filing 
of information with the government, but refuse to adequately document your 
identity, we will not accept it." 
   Don't think too harshly about this policy. G&SR, just like any ordinary 
banking institution, is compelled by law to do this. Only if they were to 
spread their metals storage around among several countries, and move their 
business headquarters out of the USA, would they be able to provide secure 
financial services. 
   Secure e-gold accounts could be provided if they were, like mixmaster, 
doubly encrypted. Only the bank would have the key to the inner envelope, 
containing the individual account data, and only the account holder would 
have the key to the outer envelope. Thus, the bank would not have to know 
anything about the account holder. It would merely deal with whoever could 
open the outer envelope. 

   In October, 2003, I logged-on to the e-gold website and registered to 
open an account. The program took my personal data and informed me that my 
account information would be sent to me via email. I never heard from them 
again.
   Here is the address of another, similar, money-transfer operation:
     www.goldmoney.com 
   It has a nice-looking website, but I have not examined it any further. 

   * DigiCash  alias ecash  
   digicash.com 
   DigiCash went bankrupt in early 1999. Here is its description anyway, so 
you can see the sort of idea that does NOT work in the American economy. 

   This company operates thru the Mark Twain Bank (also defunct), where each 
participant must have an account. 
   No physical money is involved in the actual transfer system. The 
transfers consist of strings of digits, each corresponding to a different 
digital coin. Each coin has a denomination, or value, and purses of digital 
coins are managed automatically by the ecash software. 
   Having received a payment request from Bob, Alice's ecash software 
chooses coins with the desired total value from the purse on her hard disk. 
Then it removes these coins and sends them over the network to Bob. Bob's 
software automatically sends them on to the bank. 
   To ensure that each coin is used only once, the bank records the serial 
number of each coin in its spent coin database. If the coin's serial number 
is already recorded, the bank has detected someone trying to spend the coin 
more than once and informs Bob that it is a worthless copy. 

   * CyberCash 
   cybercash.com   
   This company enables merchants to process credit cards online. 


   * Links 

   Proxy Servers 
   freedom.net 
   Anonymizer 
   Datafellows 
   Infonex 

   Private Idaho 
    Private Idaho is a utility for Windows. It simplifies using privacy 
tools such as e-mail PGP, anonymous remailers, etc. 

   Privacy information 
   Remailer information 
   Information about cookies 
   Download the latest version of PGP from Norway 

   Financial 
   E-Gold 
   CyberCash 


    Back to MyBook